IPsec is a protocol suite for securing IP communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec is an end-to-end security scheme operating in the Internet protocol (IP) Layer of the internet protocol suite. It can be used for protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). Internet key exchange (IKEv1 or IKEv2) is a protocol used to set up a security association (SA) in the IPsec protocol suite. IKE uses a key exchange to set up a shared session secret, from which cryptographic keys may be derived. Public key techniques or, alternatively, a pre-shared key, may be used to mutually authenticate the communicating parties. Encapsulating security payload (ESP) is a member of the IPsec protocol suite (ESP operates directly on top of IP) and provides origin authenticity, integrity, and confidentiality protection of packets. Unlike authentication header (AH), ESP does not protect the IP packet header. However, in tunnel mode, where the entire original IP packet is encapsulated with a new packet header added, ESP protection is afforded to the whole inner IP packet (including the inner header) while the outer header remains unprotected. IPsec is defined in Internet engineering task force (IETF) request for comments (RFC) 4301 and 4309 which are incorporated by reference herein in their entireties. ESP is defined in IETF RFC 4303 which is incorporated by reference herein in its entirety.
In telecommunications equipment performance testing environments, it may be desirable to generate traffic that is stateless and encapsulated in ESP. Conventionally, performance testing includes generating a stream of cleartext stateless packets, such as user datagram protocol (UDP) packets, and then applying encryption and hashing operations associated with ESP encapsulation to each packet. However, the number of encryption operations resulting from conventional methods may be computationally burdensome and may limit how quickly packets are generated for performance testing purposes. As networks handle greater volumes of traffic and network devices increase in performance, so too must testing equipment keep pace in order to accurately test the performance of emerging networks and network equipment.
Accordingly, in light of these difficulties, a need exists for improved methods, systems, and computer readable media for reducing the number of required encryption operations associated with generating a stream of stateless packets for performance testing of telecommunications equipment.